DDS (Ver_09-03-16.01) - NTFSx86
Run by 03318803 at 11:46:46.95 on Thu 04/09/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.182 [GMT -5:00]
AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)
FW: Cisco Security Agent *enabled*
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Cisco Systems\CSAgent\bin\CSAControl.exe
C:\Program Files\Cisco Systems\CSAgent\bin\leventmgr.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\marimba\tuner\Tuner.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\marimba\tuner\lib\jre\bin\java.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
C:\install\BgInfo\bginfo.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
D:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Cisco Systems\CSAgent\bin\okclient.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\ProgramFiles\Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\Documents and Settings\03318803\Desktop\dds.scr
D:\Documents and Settings\03318803\Desktop\dds.scr
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://pepsicopvt.corp.pep.pvt/eportal/site/flnapvt
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://pepsicopvt.corp.pep.pvt/eportal/site/flnapvt
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {4f90b8c2-096a-4840-8a5c-9ba1561d2be5} - c:\windows\system32\husowipe.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~2\spybot~1\SDHelper.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "d:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [BGInfo] c:\install\bginfo\BGInfo.vbs
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [snpstd3] c:\windows\vsnpstd3.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [kugewabuku] Rundll32.exe "c:\windows\system32\buyenayo.dll",s
mRun: [CPMa738512b] Rundll32.exe "c:\windows\system32\hufowebi.dll",a
mRun: [a40b62b7] rundll32.exe "c:\windows\system32\lisepeyo.dll",b
dRun: [InetChk] c:\windows\temp\ms1239131715.exe work
dRunOnce: [PowerConfig] cmd /c c:\install\power.cmd
dRunOnce: [Net Use default] cmd /c net use /P:NO
dRunOnce: [NFuse] cmd /c robocopy c:\install\nfuse "d:\personal\%username%\favorites\citrix" /xx /r:3 /w:2 /np /tee /log+:%systemroot%\debug\NFuse.log
dRunOnce: [OWA] cmd /c robocopy c:\install\owa "d:\personal\%username%\favorites\owa" /xx /r:3 /w:2 /np /tee /log+:%systemroot%\debug\OWA.log
dRunOnce: [EnableBalloonTips] cmd /c reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "EnableBalloonTips" /T REG_DWORD /D "1" /F >NUL
dRunOnce: [ImportPRF] cmd /c reg add "HKCU\Software\Microsoft\Office\11.0\Outlook\Setup" /v "ImportPRF" /t REG_SZ /D "c:\install\olk2k3sp2\Outlook.prf" /F >NUL
dRunOnce: [FirstRun] cmd /c reg delete "HKCU\Software\Microsoft\Office\11.0\Outlook\Setup" /v "FirstRun" /F >NUL
dRunOnce: [First-Run] cmd /c reg delete "HKCU\Software\Microsoft\Office\11.0\Outlook\Setup" /v "First-Run" /F >NUL
dRunOnce: [PreventStartScan] cmd /c regusers c:\install\scripts\preventstartscan.hck /current c:\windows\debug\PreventStartScanfix.log
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\csagent\bin\okclient.exe
uPolicies-explorer: NoWindowsUpdate = 1 (0x1)
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
mPolicies-explorer: NoStrCmpLogical = 0 (0x0)
mPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
dPolicies-explorer: NoWindowsUpdate = 1 (0x1)
dPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~2\spybot~1\SDHelper.dll
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: mypepsico.com
Trusted Zone: pep.cert\corp
Trusted Zone: pep.dev\corp
Trusted Zone: pep.eng\corp
Trusted Zone: pep.pvt\corp
Trusted Zone: pep.temp\corp
Trusted Zone: pep.tst\corp
Trusted Zone: windowsupdate.com
Trusted Zone: windowsupdate.com\download
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {5ed80217-570b-4da9-bf44-be107c0ec166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235421891640
DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {cafeefac-0016-0000-0013-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {cafeefac-ffff-ffff-ffff-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: csauser.dll c:\windows\system32\ c:\windows\system32\vimunama.dll c:\windows\system32\ c:\windows\system32\ c:\windows\system32\ledanozo.dll c:\windows\system32\hufowebi.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hufowebi.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\hufowebi.dll
LSA: Notification Packages = scecli c:\windows\system32\vimunama.dll
================= FIREFOX ===================
FF - ProfilePath - d:\docume~1\03318803\applic~1\mozilla\firefox\profiles\vv7o8d7a.default\
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: d:\documents and settings\03318803\application data\mozilla\firefox\profiles\vv7o8d7a.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: d:\program files\google\picasa3\npPicasa3.dll
============= SERVICES / DRIVERS ===============
R0 avgrkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-4-8 12552]
R0 csacenter;Cisco Security Agent Rule Engine;c:\windows\system32\drivers\csacentr.sys [2008-12-15 336000]
R0 csafile;Cisco Security Agent File Access Controller;c:\windows\system32\drivers\csafile.sys [2008-12-15 83712]
R0 csanet;Cisco Security Agent Packet Verifier;c:\windows\system32\drivers\csanet.sys [2008-12-15 234752]
R0 csareg;Cisco Security Agent Registry Access Controller;c:\windows\system32\drivers\csareg.sys [2008-12-15 40832]
R1 avgldx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-8 325640]
R1 avgmfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-8 27656]
R1 avgtdix;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-8 108552]
R1 csatdi;Cisco Security Agent Network Access Controller;c:\windows\system32\drivers\csatdi.sys [2008-12-15 166784]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-12-19 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-12-19 54968]
R1 WrqDft;WrqDft;c:\windows\system32\drivers\Wrqdft.sys [2005-2-25 40480]
R1 WrqSDL;WrqSDL;c:\windows\system32\drivers\Wrqsdl.sys [2005-2-25 18368]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-8 298264]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-3-24 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-3-24 169632]
R2 CSAgent;Cisco Security Agent;c:\program files\cisco systems\csagent\bin\csacontrol.exe [2008-12-15 303104]
R2 PepsiAgent;Pepsi_Agent;c:\marimba\tuner\Tuner.exe [2007-7-26 36956]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-6-15 115952]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-6-15 1805552]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2008-12-15 9817]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-21 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090408.003\naveng.sys [2009-4-8 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090408.003\navex15.sys [2009-4-8 876144]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2008-12-15 117760]
S3 ExtranetAccess;Contivity VPN Service;c:\program files\nortel networks\Extranet_serv.exe [2008-12-15 643072]
=============== Created Last 30 ================
2009-04-09 11:46 <DIR> --d----- c:\temp\RarSFX1
2009-04-09 11:27 213 ---sh--- c:\windows\system32\viyopoya.exe
2009-04-09 11:27 1,405,485 ---sh--- c:\windows\system32\oyepesil.ini
2009-04-09 11:27 <DIR> --d----- c:\temp\hsperfdata_03318803
2009-04-09 10:59 <DIR> --d----- c:\windows\pss
2009-04-08 23:27 213 ---sh--- c:\windows\system32\giseyeyi.exe
2009-04-08 15:53 207 a------- c:\windows\wininit.ini
2009-04-08 14:50 <DIR> --d----- c:\temp\FlashListsCmpnyDft.scr
2009-04-08 13:06 <DIR> --d----- C:\VundoFix Backups
2009-04-08 12:27 36,864 a------- c:\temp\6t0rbw-x.dll
2009-04-08 11:26 213 ---sh--- c:\windows\system32\seviruwa.exe
2009-04-08 11:15 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-04-08 11:12 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-04-08 11:12 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-08 11:12 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-04-08 11:12 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-04-08 11:12 <DIR> --d----- d:\docume~1\03318803\applic~1\AVGTOOLBAR
2009-04-08 11:12 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-04-08 11:12 <DIR> --d----- d:\docume~1\alluse~1\applic~1\avg8
2009-04-08 11:12 <DIR> --d----- c:\program files\AVG
2009-04-08 11:10 <DIR> --d----- c:\temp\7zS2F.tmp
2009-04-08 10:51 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-04-08 10:14 0 a------- c:\windows\vpc32.INI
2009-04-08 06:05 155 a------- c:\windows\system32\SelfDel.bat
2009-04-07 22:05 106,450 a------- c:\windows\system32\drivers\d33e49ce.sys
2009-04-07 14:22 <DIR> --d----- c:\program files\Chilkat Software Inc
2009-04-01 01:26 0 a------- C:\s28g
2009-03-30 08:23 1,444,004 a------- c:\temp\ExchangePerflog_8484fa316fd38a9307531d47.dat
2009-03-19 14:07 13,696 a------- c:\windows\system32\drivers\wpsnuio.sys
2009-03-19 14:07 <DIR> --d----- c:\program files\Skyhook Wireless
2009-03-19 14:07 <DIR> --d----- d:\docume~1\alluse~1\applic~1\GoBoingo
2009-03-19 14:07 <DIR> --d----- c:\program files\Boingo
2009-03-17 20:53 5,504 ac------ c:\windows\system32\dllcache\mstee.sys
2009-03-17 20:53 5,504 a------- c:\windows\system32\drivers\MSTEE.sys
2009-03-17 20:53 10,880 ac------ c:\windows\system32\dllcache\ndisip.sys
2009-03-17 20:53 10,880 a------- c:\windows\system32\drivers\NdisIP.sys
2009-03-17 20:51 339,968 a------- c:\windows\vsnpstd3.exe
2009-03-17 20:51 53,248 a------- c:\windows\vsnpstd3.dll
2009-03-17 20:51 8,410,880 a------- c:\windows\system32\drivers\snpstd3.sys
2009-03-17 20:51 53,248 a------- c:\windows\system32\csnpstd3.dll
2009-03-17 20:51 15,498 a------- c:\windows\snpstd3.ini
2009-03-17 20:51 13,023 a------- c:\windows\snpstd3.src
2009-03-17 20:22 59,264 ac------ c:\windows\system32\dllcache\usbaudio.sys
2009-03-17 20:22 59,264 a------- c:\windows\system32\drivers\USBAUDIO.sys
2009-03-14 16:30 1,834 a------- C:\s13s.1u
2009-03-12 15:27 <DIR> --dsh--- C:\found.000
2009-03-11 08:13 1,933 a------- C:\s3e0.1
2009-03-11 08:13 1,928 a------- C:\s7o.1
2009-03-11 08:13 1,925 a------- C:\s31o.1
2009-03-11 08:13 1,895 a------- C:\s10g.1l
2009-03-11 08:13 1,863 a------- C:\s318.2t
2009-03-11 08:13 0 a------- C:\skg.1v
2009-03-11 04:09 0 a------- C:\s2q8
==================== Find3M ====================
2009-04-09 11:27 108,032 a--sh--- c:\windows\system32\hufowebi.dll
2009-04-09 11:27 103,424 -------- c:\windows\system32\lisepeyo.dll
2009-04-08 11:27 69,632 a--sh--- c:\windows\system32\latabaye.dll
2009-03-29 23:55 26,736 a------- d:\docume~1\03318803\applic~1\GDIPFONTCACHEV1.DAT
2009-03-26 22:21 20 ----h--- d:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-08 11:27 69,632 a--sh--- c:\windows\system32\buyenayo.dll
2009-01-08 11:27 69,632 a--sh--- c:\windows\system32\husowipe.dll
2009-01-08 11:27 69,632 a--sh--- c:\windows\system32\vimunama.dll
2009-01-08 11:26 0 a--sh--- c:\windows\system32\wivawira.exe
============= FINISH: 11:49:02.57 ===============
